Home

CVE-2019-9500

Description

The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

Risk Information

Base Score
8.3
MODERATE
Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
3.469

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2019:2703) kernel security and bug fix update bpftool-4.18.0-80.11.1.el8_0.x86_64.rpmLinux
(RHSA-2019:2703) kernel security and bug fix update kernel-4.18.0-80.11.1.el8_0.x86_64.rpmLinux
(RHSA-2019:2703) kernel security and bug fix update kernel-abi-whitelists-4.18.0-80.11.1.el8_0.noarch.rpmLinux
(RHSA-2019:2703) kernel security and bug fix update kernel-core-4.18.0-80.11.1.el8_0.x86_64.rpmLinux
(RHSA-2019:2703) kernel security and bug fix update kernel-cross-headers-4.18.0-80.11.1.el8_0.x86_64.rpmLinux
(RHSA-2019:2703) kernel security and bug fix update kernel-debug-4.18.0-80.11.1.el8_0.x86_64.rpmLinux
(RHSA-2019:2703) kernel security and bug fix update kernel-debug-core-4.18.0-80.11.1.el8_0.x86_64.rpmLinux
(RHSA-2019:2703) kernel security and bug fix update kernel-debug-devel-4.18.0-80.11.1.el8_0.x86_64.rpmLinux
(RHSA-2019:2703) kernel security and bug fix update kernel-debug-modules-4.18.0-80.11.1.el8_0.x86_64.rpmLinux
(RHSA-2019:2703) kernel security and bug fix update kernel-debug-modules-extra-4.18.0-80.11.1.el8_0.x86_64.rpmLinux
(RHSA-2019:2703) kernel security and bug fix update kernel-devel-4.18.0-80.11.1.el8_0.x86_64.rpmLinux
(RHSA-2019:2703) kernel security and bug fix update kernel-doc-4.18.0-80.11.1.el8_0.noarch.rpmLinux
(RHSA-2019:2703) kernel security and bug fix update kernel-headers-4.18.0-80.11.1.el8_0.x86_64.rpmLinux
(RHSA-2019:2703) kernel security and bug fix update kernel-modules-4.18.0-80.11.1.el8_0.x86_64.rpmLinux
(RHSA-2019:2703) kernel security and bug fix update kernel-modules-extra-4.18.0-80.11.1.el8_0.x86_64.rpmLinux
(RHSA-2019:2703) kernel security and bug fix update kernel-tools-4.18.0-80.11.1.el8_0.x86_64.rpmLinux
(RHSA-2019:2703) kernel security and bug fix update kernel-tools-libs-4.18.0-80.11.1.el8_0.x86_64.rpmLinux
(RHSA-2019:2703) kernel security and bug fix update perf-4.18.0-80.11.1.el8_0.x86_64.rpmLinux
(RHSA-2019:2703) kernel security and bug fix update python3-perf-4.18.0-80.11.1.el8_0.x86_64.rpmLinux
(RHSA-2019:2945) kpatch-patch security update kpatch-patch-3_10_0-1062-1-2.el7.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234